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IN THE CLAIMS 
Please amend the claims as follows: 

Claim 1 (Previously Presented): In an authentication system in which an 
authentication server which authenticates a user, a user terminal which transmits a user 
authentication information, and an application server which provides a service to the user 
through the user terminal are connected together to enable a communication therebetween 
through a network, the address based authentication system including: 

the authentication server which comprises 

authentication means for authenticating a user based on the user authentication 
information transmitted together with a key information as an authentication request from the 
user terminal, the key information representing a public key K PU of the user terminal; 

an address allocating means for allocating an address to the user terminal for a 
successful authentication of the user; 

generating means for generating information-for-authentication using at least the 
allocated address; 

a ticket issuing means for issuing a ticket containing the allocated address, the key 
information which is received from the user terminal and the information-for-authentication; 

and a ticket transmitting means for transmitting the ticket issued by the ticket issuing 
means to the user terminal; 

the user terminal which has a pair of the public key K PU and a private key K S u and 
comprises: 

transmitting means for transmitting the user authentication information and the key 
information to the authentication server for purpose of an authentication request; 
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a ticket reception means for receiving the ticket which contains the allocated address, 
the key information and the information-for-authentication and which is transmitted from the 
authentication server; 

means for setting up the allocated address contained in the ticket as a source address 
for each packet which is to be transmitted from the user terminal to the application server; 

a first session key generating means for calculating a first session secret key which is 
shared with the application server, from the private key K S u of the user terminal and a public 
key Kp S of the application server; 

a packet cryptographic processing means for processing each packet to be transmitted 
to the application server by the first session secret key to guarantee that there is no forgery in 
each packet; 

means for transmitting a first packet including the ticket to the application server for 
establishing a session; and 

a service request means for transmitting a second packet requesting the service to the 
application server through the session; 

and the application server which has a pair of the public key K PS and a private key K S s 
and comprises: 

a second session key generating means for calculating a second session secret key 
which is shared with the user terminal, from the private key K S s of the application server and 
the public key K PU of the user terminal; 

a packet verifying means for confirming whether or not each packet received from the 
user terminal is forged using the second session secret key; 

a ticket memory means for storing the ticket transmitted from the user terminal; 

ticket verifying means for verifying the presence or absence of any forgery in the 
information-for-authentication in the ticket transmitted from the user terminal to determine if 
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the allocated address contained in the ticket is forged or not and preventing the ticket from 
being stored in the ticket memory means in the presence of a forgery and further verifying 
whether or not the key information contained in the ticket in the first packet, which has been 
verified as not being forged, is the key information representing the public key K PU of the 
user terminal, and if not, prevent the ticket from being stored in the ticket memory means; 

an address comparison means for determining whether or not the allocated address 
contained in the ticket which is stored in the ticket memory means coincides with the source 
address of the second packet which is transmitted from the user terminal through the session; 
and 

a service providing means for transmitting to the user terminal packets which provide 
the service to the user when a coincidence between the addresses is determined by the 
address comparison means. 

Claim 2 (Cancelled). 

Claim 3 (Previously Presented): The authentication system according to Claim 1 
the application server further comprising 

an address collating means for collating the allocated address in the ticket transmitted 
from the user terminal against the source address of the first packet which includes the ticket 
and for preventing the ticket from being stored in the ticket memory means if a coincidence is 
not found. 

Claim 4 (Previously Presented): The authentication system according to Claim 1 in 
which the authentication server comprises a user identifier allocating means for allocating a 
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user identifier which corresponds to the authenticated user in response to the authentication 
request for a successful authentication of the user, 

the ticket issuing means being configured to issue the ticket inclusive of the user 
identifier. 

Claim 5 (Previously Presented): The authentication system according Claim 1 
in which the authentication information generating means of the authentication server 
is configured to process the information including the allocated address with a shared secret 
key which is shared beforehand between the authentication server and the application server, 
the ticket verifying means of the application server is configured to further verify the 
information-for-authentication contained in the ticket using a shared secret key which is 
beforehand shared between the authentication server and the application server. 

Claim 6 (Cancelled). 

Claim 7 (Currently Amended): An authentication server in an authentication system 
in which an authentication of a user utilizing a user terminal is performed through the user 
terminal by an authentication server and a request is made to an application server to provide 
a service on the basis of the authentication, comprising 

a reception means for receiving an authentication request inclusive of a user 
authentication information and key information representing a public key K PU of the user 
terminal both transmitted from the user terminal; 

an authentication means to which the user authentication information of the received 
authentication request is input and which authenticates the user on the basis of the user 
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authentication information and providing a signal indicating a successful authentication upon 
a successful authentication; 

an address allocating means for allocating an address to the user terminal in response 
to an input of the signal indicating a successful authentication of the user; 

authentication information generating means for generating information- for- 
authentication using at least the allocated address and the key information; 

a ticket issuing means for issuing a ticket containing the allocated address, the key 
information and the information-for-authentication to the user terminal^ th e us e r of which is 
auth e nticated by th e auth e ntication means the application server conducting authentication 
for providing services to the user terminal based on the ticket, the ticket guaranteeing a 
correspondence between the user authenticated by the authentication means, the allocated 
address, and the key information corresponding to the user terminal ; and 

a ticket transmitting means to which the ticket is input and which transmits the ticket 
to the user terminal. 

Claim 8 (Previously Presented): The authentication server according to Claim 7, 
wherein the authentication information generating means is configured to generate the 
information-for-authentication by processing at least the allocated address and the key 
information using a shared secret key which is beforehand shared between the authentication 
server and the application server. 

Claim 9 (Previously Presented): The authentication server according to Claim 7, 
further comprising 
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a user identifier allocating means for allocating a user identifier which corresponds to 

the authenticated user in response to the authentication request when authentication of the 

user is successful, 

wherein the authentication information generating means is configured to process the 
information including the allocated address, the key information and the user identifier to 
produce the information- for-authentication and the ticket issuing means is configured to 
combine at least the information-for-authentication, the allocated address, the key 
information and the user identifier to form the ticket. 

Claim 10 (Previously Presented): The authentication server according to Claim 9 in 
which the user identifier allocating means is configured to encrypt user information which 
directly identifies the user by using an identifier-generating secret key K ro of the 
authentication server to produce the user identifier. 

Claim 1 1 (Cancelled). 

Claim 12 (Currently Amended): A user terminal in an authentication system in which 
an authentication of a user utilizing a user terminal is performed by an authentication server 
and a request to provide a service is made to an application server on the basis of the 
authentication, the user terminal having a pair of a public key K pu and a private key Ksi j, 
comprising! 

a key information generating means to which the public key Kp u of the user terminal 
is input and which generates a key information representing the public key K P1J of the user 
terminal; 
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a user authentication information transmitting means configured to transmit the key 
information together with a user authentication information to the authentication server; 

a ticket reception means for receiving a ticket transmitted from the authentication 
server, said ticket containing an address allocated by the authentication server to the user 
terminal, the key information representing the [[a]] public key K PU of the user terminal^ and 
information- for-authentication produced by the authentication server based on using at least 
the allocated address and the key information , the ticket guaranteeing a correspondence 
between the user authenticated by the authentication server, the allocated address, and the key 
information corresponding to the user terminal, the application server conducting 
authentication for providing services to the user terminal based on the ticket , th e us e r 
t e rminal having a pair of th e public key K TO and a privat e key Ks ^; 

a source address set-up means to which the received ticket is input and which sets up 
the allocated address contained in the ticket as a source address of each packet to be 
transmitted to the application server; 

a session key generating means to which the private key K sn of the user terminal and 
a public key K ps of an application server are input and which calculates a session secret key 
which is shared with the application server; 

a session establishing means to which the ticket is input and which transmits a first 
packet including the ticket to the application server for establishing a session with the 
application server using the session secret key ; 

a service request means for transmitting a second packet representing a service 
request to the application server through the established session; and 

a g e n e rating means to which th e public k e y of the user t e rminal is input and 
which generates the k e y information r e pr e s e nting the public k e y K w of th e us e r terminal; 
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a session key gonorating m e ans to which th e privat e k e y of th e us e r t e rminal and 
a public key Kps of an application s e rv e r ar e input and which calculat e s a session secr e t k e y 
which is shar e d with th e application s e rv e r; 

a packet cryptographic processing means to which each packet to be transmitted from 
the user terminal and the session secret key are input and which processes the packet using 
the session secret key to guarantee that there is no forgery in each packetf 

a us e r authentication information transmitting m e ans configur e d to transmit the k e y 
information together with the us e r authentication information to th e auth e ntication s e rv e r . 

Claim 13 (Cancelled). 

Claim 14 (Currently Amended): A user terminal in an authentication system in which 
an authentication of a user utilizing a user terminal is performed by an authentication server 
and a request to provide a service is made to an application server on the basis of the 
authentication, comprising: 

a key information generating means to which an authentication purpose shared secret 
key KUS which is shared with the application server and a random number which changes 
each time a session is established are input and which generates a key information by 
processing the random number by the authentication purpose shared secret key; 

a user authentication information transmitting means which is configured to transmit 
to the authentication server the key information together with the user authentication 
information for authentication by the authentication server; 

a ticket reception means for receiving a ticket transmitted from the authentication 
server, said ticket containing an address allocated by the authentication server to the user 
terminal, a key information^ and information- for-authentication produced by the 
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authentication server based on using at least the allocated address and the key information,, 
the ticket guaranteeing a correspondence between the user authenticated by the authentication 
server, the allocated address, and the key information corresponding to the user terminal the 
application server conducting authentication for providing services to the user terminal based 
on the ticket ; 

a source address set-up means to which the received ticket is input and which sets up 
the allocated address contained in the ticket as a source address of each packet to be 
transmitted to the application server; 

a session establishing means to which the ticket is input and which transmits a first 
packet including the ticket to the application server for establishing a session with the 
application server; 

a service request means for transmitting a second packet representing a service 
request to the application server through the established session; and 

a key information gen e rating moans to which an authentication purpose shar e d s e cr e t 
key-Kys which is shared with the application s e rv e r and a random number which chang e s 
each tim e a s e ssion is e stablish e d ar e input and which gen e rates a k e y information by 
proc e ssing th e random number by th e authentication purpos e shar e d s e cr e t key; 

a session key gen e rating means to which a private k e y Ksu of the user t e rminal and a 
public k e y K^ s of an application server are input and which calculat e s a s e ssion s e cr e t k e y 
which is shar e d with th e application s e rver, th e us e r terminal having a pair of a public k e y 




a packet cryptographic processing means to which each packet to be transmitted from 
the user terminal and the session secret key are input and which processes each packet using 




the session secret key to guarantee that there is no forgery in each packet^-and 
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a us e r auth e ntication information transmitting m e ans which is configur e d to transmit 

th e k e y information together with th e us e r authentication information . 

Claim 15 (Previously Presented): An application server in an authentication system in 
which an authentication of a user utilizing a user terminal is performed by an authentication 
server and a request to provide a service is made to an application server on the basis of the 
authentication, comprising 

a session establishing means for establishing a session with a user terminal in 
response to a reception of a session establishment request packet containing a ticket from the 
user terminal, said ticket containing an address allocated by the authentication server to the 
user terminal, a key information representing a public key K PU of the user terminal and 
information- for-authentication generated by the authentication server using at least the 
allocated address; 

a ticket memory means in which the ticket transmitted from the user terminal is 

stored; 

an address comparison means to which a source address of a service request packet 
which is transmitted from the user terminal and received through the established session is 
input and which determines whether or not the source address coincides with an allocated 
address of the user terminal contained in the ticket stored in the ticket memory means; and 

a service providing means which provides a service to the user terminal when the 
output of the address comparison means indicates a coincidence, 

wherein said session establishing means comprises a ticket verifying means for 
verifying authenticity of the ticket, which is received from the user terminal for establishing 
the session, by checking the information- for-authentication contained in the ticket to 
determine if the allocated address contained in the ticket is forged or not and preventing the 
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ticket from being stored in the ticket memory means when verification is not successful, and 
further verifying whether or not the key information contained in the ticket in the first packet, 
which has been verified as not being forged, is the key information representing the public 
key Kpu of the user terminal, and if not, prevent the ticket from being stored in the ticket 
memory means. 

Claim 16 (Cancelled). 

Claim 17 (Previously Presented): The application server according to Claim 15, 
further comprising 

a session key generating means for calculating a session secret key which is shared 
with the user terminal from a private key of the application server and a public key of the user 
terminal; 

and a packet verifying means for verifying whether or not the session establishment 
request packet received from the user terminal is forged using the session secret key and for 
preventing the ticket from being stored in response to a verification output indicating the 
presence of a forgery. 

Claim 18 (Previously Presented): The application server according to Claim 17 in 
which the ticket verifying means comprises collating means for verifying, when the received 
session establishment request packet has been verified by the packet verifying means as not 
forged, whether or not key information contained in the ticket corresponds to the public key 
of the user terminal which has been used in the calculation of the session secret key. 
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Claim 19 (Previously Presented): The application server according to Claim 15 in 

which the ticket verifying means comprises terminal authenticating means to which an 

authentication purpose shared secret key which is shared with the user terminal and a random 

number which changes each time a session is established are input and which processes the 

random number using the authentication purpose shared secret key, collates a result of the 

processing against a key information in the ticket and verifies the authenticity of the ticket by 

seeing whether or not a matching between the result of processing and the key information 

applies. 

Claim 20 (Previously Presented): An application server according to Claim 15 in 
which the ticket verifying means comprises means for verifying whether or not the source 
address of the received session establishment request packet coincides with the allocated 
address contained in the ticket within the session establishment request packet and for 
preventing the ticket from being stored in response to a detection output which indicates a 
non-coincidence. 

Claim 21 (Currently Amended): A computer readable storage medium having stored 
thereon an authentication server program for programming a computer to function as an 
authentication server in an authentication system in which an authentication of a user 
utilizing a user terminal is performed through the user terminal by the authentication server 
and a request is made by the user terminal to an application server to provide a service on the 
basis of the authentication, the authentication server comprising: 

a user authentication information reception means for receiving an authentication 
request inclusive of a user authentication information and key information representing a 
public key K PU of the user terminal both transmitted from the user terminal; 
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an authentication means to which the user authentication information of the received 
authentication request is input and which authenticates the user on the basis of the user 
authentication information and providing a signal indicating a successful authentication upon 
a successful authentication; 

an address allocating means for allocating an address to the user terminal in response 
to an input of the signal indicating a successful authentication of the user; 

authentication information generating means for generating information- for- 
authentication using at least the allocated address and the key information; 

a ticket issuing means for issuing generating a ticket containing the allocated address, 
the key information* and the information- for-authentication* the ticket guaranteeing a 
correspondence between the user authenticated bv the authentication means, the allocated 
address, and the key information corresponding to the user terminal and for issuing the ticket 
to the user terminal , the application server conducting authentication for providing services t o 
the user terminal based on the ticket the user of which io authenticated by the authentication 
m e ans ; and 

a ticket transmitting means to which the ticket is input and which transmits the ticket 
to the user terminal. 

Claim 22 (Currently Amended): A computer readable storage medium having stored 
thereon a user terminal program for programming a computer to function as a user terminal m 
an authentication system in which an authentication of a user utilizing a user terminal is 
performed by an authentication server and a request to provide a service is made to an 
application server on the basis of the authentication, the user terminal having a pair of a 
public key K gn and a private key Ksu, comprising: 
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a key information generating means to which the public key Kp u of the user terminal 

is input and which generates a key information representing the public key Kg n of the user 

terminal; 

a user authentication information transmitting means configured to transmit the key 
information together with the user authentication information to the authentication server; 

a ticket reception means for receiving a ticket transmitted from the authentication 
server, said ticket containing an address allocated by the authentication server to the user 
terminal, the key information representing the [[a]] public key K PU of the user terminal^ and 
information- for-authentication produced by the authentication server based on using at least 
the allocated address and the key information , the ticket guaranteein g a correspondence 
between the user authenticated bv the authentication server, the allocated address, and the key 
information corresponding to the user terminal , the application server conducting 
authentication for providing services to the user terminal based on the ticket , th e us e r 
terminal having a pair of th e public k e y and a private k e y K g^; 

a source address set-up means to which the received ticket is input and which sets up 
the allocated address contained in the ticket as a source address of the user terminal; 

a session key generating means to which the private key Ksu of the user ter minal and 
a public key K P ^ of an application server are input and which calculates a session secret k ey 
which is shared with the application server; 

a session establishing means to which the ticket is input and which transmits a first 
packet including the ticket to the application server for establishing a session with the 
application server using the session secret key ; 

a service request means for transmitting a second packet representing a service 
request to the application server through the established session; and 
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a k e y information g e n e rating moans to which th e public key Kpy of th e us e r t e rminal 

is input and which g e n e rates th e key information repres e nting th e public key K w of th e us e r 

t e rminal; 

a session k e y g e n e rating m e ans to which the private key Ks u of th e user t e rminal and 
a public k e y Kp s of an application s e rv e r ar e input and which calculat e s a s e ssion secret k e y 
which i s shared with the application s e rv e r; 

a packet cryptographic processing means to which each packet to be transmitted from 
the user terminal and the session secret key are input and which processes each packet using 
the session secret key to guarantee that there is no forgery in each packet^ 

a user auth e ntication information transmitting m e ans configured to transmit th e k e y 
information tog e th e r with th e user authentication information to the auth e ntication serv e r . 

Claim 23 (Previously Presented): A computer readable storage medium having stored 
thereon an application server program for programming a computer to function as an 
application server in an authentication system in which an authentication of a user utilizing a 
user terminal is performed by an authentication server and a request to provide a service is 
made by the user terminal to the application server on the basis of the authentication, the 
application server comprising: 

a session establishing means for establishing a session with a user terminal in 
response to a reception of a session establishment request packet containing a ticket from the 
user terminal, said ticket containing an address allocated by the authentication server to the 
user terminal, a key information representing a public key K PU of the user terminal and 
information-for-authentication generated by the authentication server using at least the 
allocated address; 
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a ticket memory means in which the ticket transmitted from the user terminal is 

stored; 

an address comparison means to which a source address of a service request packet 
which is transmitted from the user terminal and received through the established session is 
input and which determines whether or not the source address coincides with an allocated 
address of the user terminal contained in the ticket stored in the ticket memory means; and 

a service providing means which provides a service to the user terminal when the 
output of the address comparison means indicates a coincidence, 

wherein said session establishing means comprises a ticket verifying means for 
verifying authenticity of the ticket, which is received from the user terminal for establishing 
the session, by checking the information- for-authentication contained in the ticket to 
determine if the allocated address contained in the ticket is forged or not and preventing the 
ticket from being stored in the ticket memory means when verification is not successful and 
further verifying whether or not the key information contained in the ticket in the first packet, 
which has been verified as not being forged, is the key information representing the public 
key K PU of the user terminal, and if not, prevent the ticket from being stored in the ticket 
memory means. 

Claim 24 (Previously Presented): The system according to Claim 1, in which the 
authentication server has a secret key and a public key for a digital signature, 
and said ticket issuing means comprises: 

an authentication information generating means for computing a digital signature on 
the information including at least the allocated address using the secret key for the digital 
signature to produce the information for authentication so that the application server can 
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verify the presence or absence of any forgery in the information for authentication in the 
ticket using the public key of the authentication server. 

Claim 25 (Previously Presented): The authentication server according to Claim 7, 
wherein the authentication server has a secret key and a public key for a digital signature, and 
said ticket issuing means comprises: 

an authentication information generating means for computing a digital signature on 
the information including at least the allocated address using the secret key to produce the 
information for authentication so that the application server can verify the presence or 
absence of any forgery in the information for authentication in the ticket using the public key 
of the authentication server. 
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